Bsides Conference

AGENDA

EVENT SCHEDULE

Keynote 1

Heath Adams

About: Heath Adams (aka The Cyber Mentor) is the CEO and founder of TCM Security. Outside of TCM Security, he is an online cybersecurity instructor on platforms such as TCM Academy, YouTube, and Twitch, teaching his students penetration testing methods and tactics. Heath is also a military veteran, having served in the US Army Reserves, and helped co-found VetSec, a 501c3 dedicated to military members in cybersecurity. When Heath is not at work, he enjoys spending time with his wife, Amber, and their four animal “children.” He is an avid runner, musician, trivia nerd, and sports fan.

Keynote 2

Yassine Aboukir

About: Yassine Aboukir is a senior application security consultant working with organizations from various industries while traveling the world as a digital nomad for over 4 years. Yassine is a proficient bug bounty hunter with previous triage experience. He is actively hacking on the HackerOne platform where he's ranked in the top 20 hackers, won MVH title and 1st place at a live hacking event held in Denver. He has spoken at various international security conferences and enjoys meeting and connecting with like-minded people.

Tech Talk : The Dark Side of DeFi

Rudra Singh And Arbaz Hussain

About: Rudra & Arbaz work as smart contract triager at immunefi, Interested in investigating defi hacks and writing postmortems.

Title: The Dark Side of DeFi. How to spot potential vulnerabilities?

Description: We will start with an introduction to blockchain and smart contracts, the common smart contract vulnerabilities drawing from bugs submitted and paid out through Immunefi.
The talk is going to the technical, drawing the common vulnerabilities of the EVM(ethereum virtual machine)-based blockchain smart contracts which developers often ignore such as:

Risks associated with the external calls.
Dependency on the spot price.
Access control issues.
DoS [or] Griefing attacks.

Tech Talk : Smart Contract Security 101

Shashank

About: CEO & Co-founder of Credshields.com. Ex-security analyst at HackerOne with 10 years of experience in cybersecurity.

Title: Smart Contract Security 101

Description: The web is heading towards a decentralized future, one where everything is on the blockchain and interacts through smart contracts. To build this ecosystem, Solidity language is used as the basic building block, so there's an extensive need for the security of smart contracts.

Tech Talk : Bug Bounty On Steroids

Hussein Daher

About: "Hacking is an art" believes Hussein Daher who have been working in the hacking industry for over 10 years. With a business master's degree, he chose a different path for his life's endeavor. CEO of Web Immunify which provides pentest services, he has submitted over 1000 vulnerabilities over bug bounty platforms, won Vigilante award at H1-2010 event, won best team collaboration at H1-2010, won BugBash best team collaboration, won Intigriti 1337up's competition in May, finished Yahoo Elite top 1 in last cycle, and took down a lot of other challenges. On the other hand, he enjoys traveling and spending time on the African's tropical sea.

Title: Bug Bounty On Steroids

Description: Despite the evolution of AI and the possibility of robots taking over the security field, Bug bounty keeps growing every year. This said, only a few hackers share the major part of the bugs found over several platforms. In this talk, we will showcase the techniques and bugs which will help you upper your bug bounty game. This talk will contain PoCs, techniques and WAF bypasses.

Tech Talk : Securing Layer 8

Hudney Piquant &
Charlie Waterhouse

About: Hudney Piquant, Synack Solutions Architect and Charlie Waterhouse, Synack Sr Product Security Analyst

Title: Securing Layer 8

Description: One of the most difficult challenges globally is securing the human element, and as such it tends to be neglected. The current solution of training with “gotcha” emails is not successful and tends to cause unintended negative consequences. We will investigate a more global approach to secure businesses by taking on the “business of hacking”. We show how we can harden the human element and expand our footprint by using a better way to learn and by widening our defenses. The key is to ensure we also harden society to help drive the ROI for attackers up enough that business is no longer profitable, forcing them into the technology fight which, as an industry, security professionals have much more secure footing.

Tech Talk : Pwning Android Apps at Scale

Sparsh Kulshrestha &
Shashank Barthwal

About: Sparsh Kulshrestha and Shashank Barthwal work as Security Researchers at CloudSEK

Title: Pwning Android Apps at Scale: Exploiting multiple vulnerabilities on poorly secured backend services powering android

Description:
This talk presents the vulnerability research conducted on assets fetched from the source code of the 500,000+ apps that we have indexed. This will be demonstrated by:

○ Showcasing the large and rapidly growing dataset that we have created and maintained, and the findings from the in-depth research and analysis conducted on this data.
○ Highlighting the large-scale data exposure due to the widespread presence of hardcoded API keys and credentials, which put millions of users at risk.
○ Delving into the 150+ pre-authentication remote code executions we were able to carry out various backend services powering Android apps, by exploiting common vulnerabilities, such as log4j, SSRF, SQLi, path traversal, etc.
○ Findings based on the analysis of the 50million+ domains that were extracted from the source codes of the 500,000+ apps. The domain URLs, in conjunction with other parameters/ assets exposed in the source codes, can be used to inject various payloads.
○ Introducing our open-source tool with API access, which can be used for easy automation, research, and analysis.

Tech Talk : How to write your First Nuclei Template?

Dhiyaneshwaran B.

About: AppSec Researcher at ProjectDiscovery

Title: How to write your First Nuclei Template?

Description: A guide to writing your first basic nuclei template all the way up to advanced ones, including different protocols (TLS, HTTP, DNS, WebSocket, Network, File, Headless) and authenticated templates.

Closing Keynote

Eugene Lim

About: spaceraccoon hacks for good! From Amazon to Zendesk, he has helped secure organizations from a range of vulnerabilities. In 2021, he was 1 of 5 selected from a pool of 1 million white hat hackers for the HackerOne H1-Elite Hall of Fame. Outside of bug bounty, he researches cutting-edge cybersecurity issues that span a diversity of domains such as artificial intelligence and social engineering. His work has been featured at top conferences such as Black Hat, DEF CON, and industry publications like WIRED and The Register.

Title: Trends in Vulnerability Research

Description: Once the domain of secretive organisations or freewheeling hackers, vulnerability research has stepped into the open as methods and tools spread through social media, conferences, and open-source repositories. Bug hunters pursue “zero-days” to get an edge in a competitive space, while companies reward new findings with eye-popping bounties. Is this a dangerous proliferation or a welcome democratisation of vulnerability research? I will discuss these trends and sum up the innovative research presented at BSides Ahmedabad.

Bug Bounty Show : Playing with Fake emails for fun and profit

Sayaan Alam

About: Cybersecurity Researcher, Student and Bug Bounty Hunter

Title: Playing with Fake emails for fun and profit

Description: I have recently found a vulnerability in dropbox bug bounty program that allowed me to send fax from any account by just sending a fake email to their server , this could’ve got very worse because many government agencies use hellofax to send official faxes that are very sensitive and high authority fax numbers .

I wrote about this bug at https://infosecwriteups.com/mail-server-misconfiguration-leads-to-sending-a-fax-from-anyones-account-on-hellofax-dropbox-bbp-aab3d97ab4e7

Bug Bounty Show : Exploiting BurpSuite Upstream Proxy

Armaan Pathan

About: Senior Security Engineer at Certus Cybersecurity

Title: Exploiting BurpSuite Upstream Proxy For To Intercept SSL Traffic In Clear Text ( version 1.7)

Description: Burp Suite is an integrated platform and graphical tool for performing security testing of web applications.There are several tools included in the Burp Suite. Burp's upstream proxy settings determine whether outgoing requests are routed through an upstream proxy server or directly to the destination web server.

Users can specify different proxy settings for different destination hosts or groups of hosts in multiple rules. The rules are applied in order, with the first rule matching the destination web server being used. Burp uses direct, non-proxied connections if no rules match. During my research, I discovered that attackers can exploit upstream proxy in order to steal sensitive information passing through the Burp suite without the user's knowledge.

Bug Bounty Show : PHP EAR To SQLi

Kuldeep Pandya

About: Null Ahmedabad Chapter Leader, Full-time Synack Red Teamer & Web/OSINT Enthusiast

Title: PHP EAR To SQLi

Description: In this session, we will focus on a PHP EAR to SQLi chain that landed a 9900$ bounty.

Bug Bounty Show : Race condition to Crypto Token Drainage

Keyur Talati

About: Security Analyst at Strobes Security

Title: (1) Race condition to Crypto Token Drainage & (2)Improper implementation payment checks to token drainage

Description:
https://wesecureapp.com/blog/blockchain-network-is-secured-but-not-the-apps-and-their-integrations/

The above mentioned link contain small part of the vulnerability.
During the further assessment, it was observed that the application is not properly configured again function locks to protect the application from attacks like race condition.

We exploited the race condition to get large number of refund via metamask integrated backend. Once client has applied proper patch for the bug, we found other critical vulnerabilities in the same application, where we were able to tamper with hash and book large amount of tickets and again get large amount of Ethereum as refund.

Bug Bounty Show : Masquerading malicious campaign

Ahmad Ashraff Ahmad

About: Lead Security Consultant for ZX Security

Title: Masquerading malicious campaign through unintended IDOR

Description:
Insecure direct object references (IDOR) is a type of vulnerability caused by inadequate access control settings. This vulnerability made its name by being a common flaw discovered in web applications as documented in OWASP Top 10 2021. Depending on the situation, it could lead to unauthorized actions, horizontal privilege escalation, and vertical privilege escalation.

Finding an IDOR is easy as most of the time it only requires the tester to enumerate the identifier. In this presentation, the speaker will discuss an IDOR that, although it appears unintentional, can cause harm and is most of the time unreported by the other bug-hunters.

The IDOR is not commonly found, but it can usually be found on the websites of large organizations. It results from a missing access control in a tool or program commonly used for marketing campaigns. A majority of IDOR writeups available on the internet mention that the bughunter must enumerate the value of the identifier (such as a number or UUID). This presentation, however, will focus on IDOR using URL path manipulation.

The speaker was rewarded several times for reporting this IDOR.

Bug Bounty Show : Tale of Chaining Bugs for Account Takeovers

Harsh Bothra

About: Harsh is working as a Security Consultant and Penetration Tester with significant expertise in Web applications, API, Android applications, and Thick Client & Network Penetration Testing.

Title: Tale of Chaining Bugs for Account Takeovers

Description:
Account Takeover is an impact of a security vulnerability like IDOR. However, Account Takeover demonstrates a maximum impact out of a limited impact vulnerability. Often, it requires chaining base vulnerabilities to increase their impact, which is what I will be talking about.

I aim to present various scenarios of chaining vulnerabilities to perform account takeover in scenarios such as IDORs, OAuth, CSRFs, etc.

Bug Bounty Show : Finding P1(s) at will

Satyam Gothi

About: Synack red team member | Youtuber

Title: Finding P1(s) at will

Description: Showcasing the Vulnerabilities and Bugs which I found just by Manual analysis of the Target’s JavaScript files and a little of BurpSuite, without any crazy automation or Deep Research. The vulnerabilities include SQL Injections, Remote Code Execution, Access Control & Information Disclosures.

Bug Bounty Show : Bypass limits in whole web via python selenium

Kartikey Aggarwal

About: Kartikey Aggarwal is one of India youngest security researcher at age of 16 he was able to archive financial independence with bug bounty He Loves to exploit bugs and Automate them for mass hunting He Automates maximum of his bugs on golang and python. He Loves different bugs then others.

Title: How I was able to bypass limits in whole web via python selenium

Description:
It was time when i got invite from hackerone to hunt on a private program lets take program target.com It was second time I was testing for this bug first time I got 750$ for same bug on different hackerone program Now Lets Begin Story of How I discover it

So as every reasearcher I checkout program scope after getting invite and its not to big,so I start testing for bugs on organisation manually via firing my burpsuite. Now I start looking for every feature of web and found nothing so I try rate limit vulnerablity there but the organisation is Using token in every request which expires after a request so I was not able to find rate limit because if i use intruder in it it will 403 after 1 request so Now i try it by removing token from request but it doesn't work there and I got 403 again So One Thing Came in my mind why not try our python skills here so i just go to my vs code and use selenium library and automated the whole process and run it it works fine then i integrate it with a bash script to run it in loop and now i was able to bypass rate limit via python selenium and submit it to program and it is bypass whole organisation rate limits so they rewarded me with 4 digit bounty if you understand it good

Otherwise pls mail me at jsrkartikeyvinayak@gmail.com to know with step to reproduce and full detailed report

BSIDES AHMEDABAD2022

THE THIRD EDITION- 0X03

2

24+

1.2M

3M

WHO WE ARE

KEYNOTE SPEAKERS

Heath Adams

Yassine Aboukir

TECHNICAL TALKS SPEAKERS

Arbaz Hussain

Rudra Singh

Shashank

Hussein Daher

Charlie Waterhouse

Hudney Piquant

Sparsh Kulshrestha

Shashank Barthwal

Dhiyaneshwaran B.

CLOSING NOTE SPEAKER

Eugene "Spaceraccoon" Lim

The Bug Bounty Show Speakers

Sayaan Alam

Armaan Pathan

Kuldeep Pandya

Keyur Talati

Ahmad Ashraff Ahmad

Harsh Bothra

Satyam Gothi

Kartikey Agrawal

Panel : How to Get Started in Bug Bounties

Nikhil Srivastava (Moderator)

Farah Hawa (Panellist)

Bhavuk Jain (Panellist)

Avanish Pathak (Panellist)

Sandeep Singh (Panellist)

Jenish Sojitra (Panellist)

Panel : Breaking into Information Security

Charlie Waterhouse (Moderator)

Sagar Parmar (Panellist)

Kainat Kamal (Panellist)

Kavisha Seth (Panellist)

Savan Gadhiya (Panellist)

Jigar Thakkar (Panellist)

CXO Panel

Smith Gonsalves (Moderator)

Nitin Bhatnagar (Panellist)

Dilip Panjwani (Panellist)

Khushru Doctor (Panellist)

Rajesh Kanna A M S(Panellist)

Village speaker

Seedon D'Souza